Skip to main content

Device Admin (TACACS+)

Cloud TACACS+ is centralized device administration (AAA) for your switches, routers, and firewalls — who can log in, what shell privilege they get, and exactly which commands they may run, with a full per‑command audit trail (RBAC).

Enforcement runs through the outbound‑only DashX agent on your LAN — no inbound ports, no VPN. Devices and identities are shared with RADIUS, so the NAS entries and directory you already set up carry over.

How the pieces fit

Sub‑tabWhat you do there
SettingsTurn TACACS+ on, choose RBAC/audit behavior, default privilege, MFA
Command SetsDefine reusable permit/deny command rules (e.g. "NOC read‑only")
User PoliciesMap users/groups → a command set + shell privilege on which devices
Command AuditReview every command that was run, permitted or denied
Device SetupCopy the vendor config to point your gear at DashX

Setup order

  1. Settings — enable TACACS+ and set defaults.
  2. Command Sets — build the permit/deny rule groups you'll assign.
  3. User Policies — bind groups to command sets, privilege, and device groups.
  4. Device Setup — configure each network device.
  5. Command Audit — verify commands are being logged as expected.